Jump to content

Win64/Intel.A NIC_Intel_firmware IQVW64e.sys

RobFIT

By RobFIT
in Malware Finding and Cleaning

 Share
Go to solution Solved by itman,

Recommended Posts

RobFIT

RobFIT 0

Posted
Posted

Hello ,

I am constantly receiving this Detection  , i know this has also been marked as a Vulnerability -- > NVD - CVE-2015-2291 (nist.gov)


C:\Windows\Temp\a1d4d890-a36f-4104-8dfa-041c3f82fd6d\NIC_Intel_Firmware\iqvw64e.sys;Win64/Intel.A potentially unsafe application;cleaned by deleting;NT AUTHORITY\SYSTEM;Event occurred on a new file created by the application: C:\Windows\Temp\a1d4d890-a36f-4104-8dfa-041c3f82fd6d\miniunz.exe

 

Upgraded the Endpoint Version , Scanned , detections are deleted but it recurs.

There' no any DUP (dell Update Package )  , NIC is a Broadcom not an Intel

 

Please advise how to clean it up once and for all .

 

 

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 4,915

Posted
  • Administrators
Posted

If the application miniunz.exe  is trusted and you run it on purpose, you can create a detection exclusion for the detected file. It can be misused only when used by an attacker or malware.

Link to comment
Share on other sites
RobFIT

RobFIT 0

Posted
  • Author
Posted
56 minutes ago, Marcos said:

If the application miniunz.exe  is trusted and you run it on purpose, you can create a detection exclusion for the detected file. It can be misused only when used by an attacker or malware.

Thanks for your reply Marcos

But it's auto downloading / installing , i never run miniunz.exe
Just wanted to know if this might be a False Positive ?

Link to comment
Share on other sites
  • Solution
itman

itman 1,628

Posted
  • Solution
Posted
3 hours ago, RobFIT said:

But it's auto downloading / installing , i never run miniunz.exe

Copy the hash value from the entry Eset quarantined. Then go to VirusTotal.com and perform a scan based on hash value. If there are multiple AV vendors detection at VT, assume the file being downloaded is malicious.

 CVE-2015-2291 tracks to an Intel Ethernet diagnostic driver vulnerability. I have linked Intel's article about it which includes a patched updated driver: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00051.html . I suggest you apply the driver update ASAP.

Link to comment
Share on other sites
RobFIT

RobFIT 0

Posted
  • Author
Posted
On 7/19/2022 at 4:56 PM, itman said:

Copy the hash value from the entry Eset quarantined. Then go to VirusTotal.com and perform a scan based on hash value. If there are multiple AV vendors detection at VT, assume the file being downloaded is malicious.

 CVE-2015-2291 tracks to an Intel Ethernet diagnostic driver vulnerability. I have linked Intel's article about it which includes a patched updated driver: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00051.html . I suggest you apply the driver update ASAP.

Thanks Buddy , Will test it , Sorry for the late reply.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...